create account which will not be overwritten by Ldap

I use LDAP authentication with Alfresco. That implies that a certain user might not exist within Alfresco prior to log-in.I want to apply access permissions for a newly uploaded documents to users, even if they haven't been in the system yet.

Can I create Ace with a "future" username which will be honored just by the username-string after the user is created?(Long shot, but I had to ask.)

If that is not possible, I need to create that user, but I will not know the password (stored in LDAP).I presume when I create a new user (let's say, with an empty password) the user will be denied since the account already exist, correct?(I have the authentication chain authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap).If I take the alfrescoNtlm authentication out of the chain, a new account will be created on user log-in, correct?